Fix OmniAuth 2.x CSRF check in test mode stubs

OmniAuth 2.1.4 still runs request_validation_phase inside
mock_request_call even when test_mode is true. With
omniauth-rails_csrf_protection installed this raises
InvalidAuthenticityToken on the mocked POST, breaking
feature specs that drive the SSO button flow.

Disable request_validation_phase while stubs are active and
restore the original value in reset_oidc_stubs.

Author: Fivell

lib/activeadmin/oidc/test_helpers.rb

@@ -29,6 +29,12 @@ module TestHelpers
       def stub_oidc_sign_in(sub: 'alice-sub', claims: {})
         merged = DEFAULT_CLAIMS.merge(claims.transform_keys(&:to_s))
         OmniAuth.config.test_mode = true
+        # OmniAuth 2.x still runs request_validation_phase in test mode
+        # (mock_request_call, line 325 of strategy.rb). Disable it so
+        # the CSRF check from omniauth-rails_csrf_protection doesn't
+        # reject the mocked request.
+        @_oidc_saved_request_validation_phase = OmniAuth.config.request_validation_phase
+        OmniAuth.config.request_validation_phase = nil
         OmniAuth.config.mock_auth[:oidc] = OmniAuth::AuthHash.new(
           provider: 'oidc',
           uid: sub,
@@ -45,13 +51,16 @@ def stub_oidc_sign_in(sub: 'alice-sub', claims: {})
       # Stubs OmniAuth to simulate a strategy failure.
       def stub_oidc_failure(message_key = :invalid_credentials)
         OmniAuth.config.test_mode = true
+        @_oidc_saved_request_validation_phase = OmniAuth.config.request_validation_phase
+        OmniAuth.config.request_validation_phase = nil
         OmniAuth.config.mock_auth[:oidc] = message_key
       end
 
       # Resets OmniAuth test mode. Call in an `after` hook.
       def reset_oidc_stubs
         OmniAuth.config.mock_auth[:oidc] = nil
         OmniAuth.config.test_mode = false
+        OmniAuth.config.request_validation_phase = @_oidc_saved_request_validation_phase if defined?(@_oidc_saved_request_validation_phase)
       end
     end